
MDR Security Provider Expel Challenges MSSPs to Step Up Their Game


Business email compromise (BEC) should be considered “public enemy number one,” Expel, a Top 250 MSSP and Top 40 managed detection and response (MDR) security provider, said in a new report based on malware incident data gleaned from its security operations center (SOC).

Expel’s inaugural annual report, entitled Great eXpeltations 2022, draws on a year’s worth of data from the SOC-as-a-service platform provider’s full customer base, ranging from small and midsize outfits to enterprise organizations. Before we dip into the data, there’s a sidestep to take:

Expel: An MSSP and MDR Alternative?

Expel positions itself as an alternative to the service delivery model of managed security service providers (MSSPs) and to a lesser degree some managed detection and response providers (MDRs). The security provider offers a partner program that includes sales incentives, deal registration, training tools and marketing collaboration.

In some ways, Expel, which refers to itself as an “irreverent crew,” is throwing down the gauntlet on MSSPs. This is what the company says about its business philosophy on its web site:

“We think MSSPs have reached the ceiling of the value they can provide. They’ve repeatedly disappointed customers and taught them to expect less by taking a transactional, one-size-fits-all approach, managing to their SLA and prioritizing the quantity of alerts over quality of service. MDRs have emerged to fill the gap, but most ignore the security investments you’ve made and toss alerts back at you without telling you why.”

That’s quite a throwdown. Will MSSPs step up to the challenge or wave it off?

Research: Malware Incident Data Findings

Now, back to the study’s findings:

BEC. One reason Expel believes BEC tops the list of executed malware: Of all the security incidents Expel identified, 50 percent were business email compromise infections. BEC accounted for 30-60 percent of all incidents every month. Nearly all were in Microsoft’s Office 365. Less than one percent of the BEC attacks were in Google Space.

Expel also looked at ransomware, cryptojacking and asset management. Here’s what the data showed:

Ransomware. Ransomware threat actors benefitted from employees of the target organization accidentally installing malware for initial entry. Nearly 85 percent of opportunistic attempts to deploy commodity malware or a ransomware stager on a Windows device used an attack vector such as zipped JavaScript files, zipped executables, and malicious macros in Microsoft Office docs and Excel spreadsheets.

Cryptojacking. Of the web app compromises identified, 35 percent resulted in deployment of a crypto miner. Organizations experiencing this type of incident patched the exploited vulnerabilities 100 percent of the time, thereby removing an entry point for ransomware.

Security. Effective security starts with answering the question “Are we running that software?” or “Are we vulnerable?”

Industry. The real estate industry experienced the greatest proportion of BEC attacks.

Platforms. None of the incidents were from malware deployed to Chrome OS. None of the BEC incidents involved accounts with fast identity online (FIDO) security keys.

Late last year, the six-year-old, privately held company secured a $140.3 million Series E funding round, elevating its valuation to $1.5 billion. Since its inception, the Herndon, Virginia-based Expel has raised a total of $258 million.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.